Researchers have discovered security problems in management systems used to control X-ray machines and other medical devices.
Terry McCorkle and Billy Rios of security start-up Cylance used fuzzing approaches previously applied to unearth security holes in industrial control systems to find a way into the Xper Information …

I wonder who might be on their list?

There's your problem

Both the US Department of Homeland Security (DHS) ICS-CERT, which normally deals with security issues involving industry control kit, and the US Food and Drug Administration (FDA) are reportedly taking an interest in the issue.

Clearly the problem is excessive regulation by the federal authorities. They shouldn't bother the poor manufacturer with their intrusive regulations and requirements; they should just let the free market sort it out!

"An increasingly popular technique for protecting dial-in ports from the ravages of hackers and other more sinister system penetrators is dial back operation wherein a legitimate user initiates a call to the system he desires to connect with, types in his user ID and perhaps a password, disconnects and waits for the system to call him back at a prearranged number"

bit more complicated than that

Once a device has been certified by the FDA then the manufacturer has no real liability should it be proven to be wide open to attack and the FDA has not seen security as an issue worth looking into - even now that all these devices are becoming network aware.

Most devices started appearing with Ethernet ports over the last 15 years and it was ~10 years ago when the first devices with "wifi" logos turned up in the hospital that I worked in. The ECG machine next to me has 802.11g with WEP and a well old version of telnet on it.

I predict that as soon as people start doing formal testing of any kit then, like Barnaby et al, they will discover that it is all pwnable. It is just that the kit is very expensive to buy and tends to be traded on when it reaches EOL.